Georgia Department of Community Health services possibly hacked by Russian cybercriminals

Some who use services provided by the Georgia Department of Community Health are being alerted about a possible data breach believed to be orchestrated by a Russian cyber-extortion gang's global hack of a file-transfer program.

Maximus Health Services, Inc., which is contracted by the GDCH, reported a breach dating back to the end of May.

In a "HIPAA Notice" obtained by FOX 5 News on Tuesday, Maximus disclosed that the incident "involved certain individuals', including certain minor dependents', personal information." However, it did not release how many people are believed to be impacted.

The notice disclosed that Maximus "detected unusual activity" on May 30 and took steps to sever vendor software by the next day.

"The incident involved a critical vulnerability in MOVEit Transfer, a third-party software application provided by Progress Software Corporation (Progress)," the notice states. "Maximus is among the many organizations in the United States and globally that have been impacted by the MOVEit vulnerability."

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint statement in June addressing the vulnerability. The Department of Education also warned schools across the country that use the software.

The same exploit is believed to have impacted the University System of Georgia.

"Maximus takes this very seriously and is providing this notice to help individuals understand what happened, what Maximus is doing, and steps individuals can take to protect their information," the statement continues.

An investigation determined that between May 27 and May 31, an "unauthorized party obtained copies of certain files that were saved in the Maximus MOVEit application." A system audit report on Aug. 20 states the stolen "files contained some individuals’ personal information."

Some of that data may include case numbers, and the Head of Household's (HOH) name, date of birth, Social Security Number, address, email address, phone number and Client ID.

"As good practice, it is recommended that individuals regularly monitor account statements and monitor free credit reports. If individuals identify suspicious activity, individuals should contact the company that maintains the account on their behalf," the statement reads.

Maximus is offering two years of complimentary access to Experian IdentityWorks to those impacted.

Those who believe they have been impacted by the data breach and would like additional information should contact Maximus at 833-919-4749 toll‐free Monday through Friday from 9 a.m. to 11 p.m., and Saturday and Sunday from 11 a.m. to 8 p.m., excluding major U.S. holidays.

Maximus says it is notifying individuals by letter with an "engagement number" to use when dealing with questions about the breach.